Cryptojacking software has become a nuisance lately, and the main concern is that it grows more sophisticated with every passing year, making it quite difficult to track. According to a new report by the security company Sucuri, scammers are using fake WordPress plug-ins to gain access to victims’ computers to mine cryptocurrencies.
Sucuri’s report revealed that scammers are cloning legitimate software plug-ins to create a backdoor into the victim’s website, gain unauthorized access, and install a Linux binary that is used to mine cryptocurrency. One such fake plug-in was “wpframework,” a plug-in whose development was closed in 2011. However, analysts have found at least 400 new installations in recent months.
Sucuri tried to trace the domain that hosted the crypto-mining binary, but the domain was no longer active. However, the plug-in continued its unauthorized backdoor activity. The cryptojacking binary was added to the VirusTotal antivirus platform on 18 September, and since then it has been detected by 26 of the 56 engines.
Creating a fake WordPress plug-in is much easier than creating crypto-jacking malware
Researchers noted that fake WordPress plug-ins are being used more frequently to install malicious mining malware because the approach is much easier for attackers: they only need to modify a small amount of code rather than create the whole software. The study also revealed that attackers have created tools that can clone a real WordPress plug-in and load it with malicious files to their advantage.
Sucuri recommends that users do a thorough clean-up and check additional website components during malware clean-ups, as themes and plug-ins are generally not checked by anti-malware software. These plug-ins help attackers keep control of the malicious software even after anti-virus software has been used.
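One way to include themes and plug-ins in a clean-up pass, as an added example that is not from Sucuri's report: it inventories every component under a wp-content directory, flags the “wpframework” slug named above, and flags any file that starts with the Linux ELF magic bytes. The function names, the watchlist and the sample tree are constructed for illustration, and it assumes a dropped miner binary would sit somewhere under wp-content.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"       # first four bytes of any Linux ELF executable
WATCHLIST = {"wpframework"}  # plug-in slug named in the report

def audit_wp_content(wp_content):
    """Inventory plugins/ and themes/; flag watchlisted slugs and ELF files."""
    components, findings = [], []
    for kind in ("plugins", "themes"):
        base = os.path.join(wp_content, kind)
        if not os.path.isdir(base):
            continue
        for slug in sorted(os.listdir(base)):
            root = os.path.join(base, slug)
            if not os.path.isdir(root):
                continue
            components.append((kind, slug))
            if slug.lower() in WATCHLIST:
                findings.append(("watchlisted-slug", root))
            for dirpath, _dirs, files in os.walk(root):
                for name in sorted(files):
                    path = os.path.join(dirpath, name)
                    try:
                        with open(path, "rb") as fh:
                            magic = fh.read(4)
                    except OSError:
                        findings.append(("unreadable", path))
                        continue
                    if magic == ELF_MAGIC:
                        findings.append(("elf-binary", path))
    return components, findings

def build_sample(root):
    """Constructed sample tree (no real malware): one clean plug-in, one flagged."""
    files = {
        "plugins/hello/hello.php": b"<?php /* Plugin Name: Hello */",
        "plugins/wpframework/wpframework.php": b"<?php /* Plugin Name: WP */",
        "plugins/wpframework/cache/worker": ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9,
        "themes/basic/style.css": b"/* Theme Name: Basic */",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        components, findings = audit_wp_content(build_sample(tmp))
        print("installed:", components)
        for kind, path in findings:
            print(kind, os.path.relpath(path, tmp))
```

The component inventory is meant to be compared by hand against the plug-ins and themes the site owner actually installed; anything unexpected deserves the same scrutiny as a flagged entry.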